<?php
global $AppUI, $m, $tab;

$quote_id = dPgetParam($_GET, 'quotation_id', 0);
// TODO: Check permission role
$perms =& $AppUI->acl();
// Check edit
$denyEdit = !$perms->checkModuleItem($m, 'edit', $quote_id);
// Check create
$denyAdd = !$perms->checkModule($m, 'add');

if($denyEdit and (0 < $quote_id)) {
	$AppUI->setMsg('Edit Permission Deny', UI_MSG_ERROR);
	$AppUI->redirect(PUBLIC_PAGE);
}
if($denyAdd){
	$AppUI->setMsg('Add Permission Deny', UI_MSG_ERROR);
	$AppUI->redirect(PUBLIC_PAGE);
}
$q = new DBQuery();
$q->addTable('quotation_lines');
if ($quote_id > 0) {
	$q->addWhere("qitem_quotation = $quote_id");
}
$arrLine = $q->loadList();

$quotation = null;
if ($quote_id > 0) {
	$quotation = new CQuotations();
	$quotation->load($quote_id);
}


header('Content-Type: text/xml');

$xml = new XmlWriter();
$xml->openMemory();
$xml->startDocument('1.0', 'UTF-8');

$xml->startElement('quotation');

if ($quotation) {
	foreach(get_object_vars($quotation) as $key => $value) {
		if( is_array($value) or is_object($value) or $key[0] == '_' ) { // internal or NA field
			continue;
		}
        $xml->writeElement($key, $value);
	}	
}

obj2xml($xml, 'lines', 'line', $arrLine);

$xml->endElement();

echo $xml->outputMemory(true);
?>